TLS Version for UDDI Downloads

Overview

Prior to the release of CONNECT 5.0, the eHealth Exchange UDDI server did not accept TLS connection attempts in which the client hello presented a version higher than TLS V1. This was a problem for organizations that preferred to attempt initial connections with higher versions of TLS: their systems could designate only one TLS version for initial connection attempts across all services, which limited them to TLS V1 for all Exchange transactions. To mitigate this issue, a separate configurable parameter was created so that one version of TLS can be used for UDDI server connections and a different version for Exchange transactions.

Other uses for this feature

This feature ensures that systems using CONNECT will not be bound to a limited set of TLS versions going forward. It also allows for expansion into the use of separate TLS versions for different services and organizations, should such use cases ever arise.

Setting an Explicit TLS Version for UDDI Downloads

The UDDI.TLS parameter in gateway.properties can be set using the following formats:

UDDI.TLS=TLSv1
UDDI.TLS=TLSv1.1
UDDI.TLS=TLSv1.2

When UDDI.TLS is commented out or no value is set in gateway.properties, the default HTTP protocol set in the application/enterprise server is used.
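A configuration check for the rules above, as an added example that is not part of CONNECT or of the original page: it resolves the effective UDDI.TLS setting from the text of gateway.properties and reports whether the value is one of the listed formats, is absent (server default), or pins TLS 1.0/1.1. It assumes java.util.Properties-style parsing (comment lines start with # or !, the last definition wins); the function name, status labels and sample contents are constructed for illustration.

```python
import re

# Formats listed on this page for UDDI.TLS.
DOCUMENTED = ("TLSv1", "TLSv1.1", "TLSv1.2")
# TLS 1.0 and 1.1 were deprecated by RFC 8996 (a fact not stated on this page).
LEGACY = ("TLSv1", "TLSv1.1")

def effective_uddi_tls(properties_text):
    """Return (status, value) for UDDI.TLS in gateway.properties text.

    status is "server-default", "ok", "legacy" or "unlisted".
    Simplified .properties parsing: backslash continuations are not handled.
    """
    value = None
    for raw in properties_text.splitlines():
        line = raw.strip()
        # '#' and '!' start comment lines in Java .properties files.
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m and m.group(1) == "UDDI.TLS":
            value = m.group(2).strip()  # assumption: the last definition wins
    if not value:
        # Commented out or empty: the server's default protocol applies.
        return ("server-default", None)
    if value not in DOCUMENTED:
        # Not one of the three formats listed on the page (e.g. a typo).
        return ("unlisted", value)
    return ("legacy" if value in LEGACY else "ok", value)

# Constructed sample file contents, not taken from a real deployment.
SAMPLE_EXPLICIT = """\
# gateway.properties (constructed sample)
example.other.key=value
UDDI.TLS=TLSv1
UDDI.TLS = TLSv1.2
"""
SAMPLE_COMMENTED = "#UDDI.TLS=TLSv1.2\nexample.other.key=value\n"
SAMPLE_TYPO = "UDDI.TLS=TLS1.2\n"

if __name__ == "__main__":
    for name, text in [("explicit", SAMPLE_EXPLICIT),
                       ("commented", SAMPLE_COMMENTED),
                       ("typo", SAMPLE_TYPO)]:
        print(name, effective_uddi_tls(text))
```

A "server-default" result means the protocol used for UDDI downloads is decided by the application/enterprise server configuration, so that setting has to be reviewed separately.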